As I understand it, if you have an app on a system using MSDE, the system would be vulnerable to the SQL Slammer worm *if* the app was listening on port 1434.
A gazillion apps install MSDE when they get installed on a system. A minority of those apps listen on 1434 - at least that what it looks like where I work and I've run nmap against most of my subnets looking for vulnerable machines. Patch your SQL 2000 systems immediately, run nmap (or whatever you favorite tool is) against your subnets and a take a nap. -----Original Message----- From: Eric Zatko [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 13, 2003 7:01 AM To: [EMAIL PROTECTED] Subject: RE: SQL & MSDE and Ports 1433 and 1434 Good day all... Great point H C. I suspected the same thing and have tried that... After doing a "netstat -a -n" on the server, I find that it shows the SQLserver listens on port 1433 (TCP, not UDP). It doesn't show anything listening for UDP on 1433 or 1434. I am confused. Thanks, Eric >>> H C <[EMAIL PROTECTED]> Thursday, February 13, 2003 8:39:02 AM >>> Since it seems that both MS SQL Server and MSDE are vulnerable to the Slammer exploit (if unpatched), one would think that the most obvious first approach would be to see if anything is actually listening on UDP 1434. Given the issues that can arise w/ a remote nmap scan of a system, perhaps the most obvious approach would be to run netstat and/or fport on the system in question. This should tell you pretty definitively whether or not something is even listening on the port in question. __________________________________________________ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com
